On 25 January 2015 at 15:12, Boris Epstein <borepstein at gmail.com> wrote:

> OK... but why does it need to be a trunk port?

Because a trunk port will "trunk" the vlan.

A VLAN is basically a 4 byte "tag" that gets injected into the packet header when the packet enters the VLAN network. When we trunk a VLAN we say to the switch "pass packets on VLAN x but do not strip the tag out".

You can either terminate the VLAN at the switch port (untagged) which will strip out the VLAN tag or you can pass the packet containing the VLAN tag to the computer or other device (tagged/trunk). This device can then pull out the tag. On linux this mechanism is done by an 8021q VLAN interface.

Hope this is useful.

ta

Andrew

> Boris.
>
> On Sat, Jan 24, 2015 at 6:53 PM, SilverTip257 <silvertip257 at gmail.com> wrote:
>
> > Andrew and Dennis are spot on.
> > Their conclusions about your server being connected to an access port and
> > not a trunk port would be my conclusion as well.
> >
> > On Sat, Jan 24, 2015 at 9:11 AM, Dennis Jacobfeuerborn <dennisml at conversis.de> wrote:
> >
> > > Hi Boris,
> > > what I'd like to know is the actual VLAN configuration of the switch
> > > port (link-type and tagged and untagged VLANs). When I look at the
> > > switchport configuration here I get (among other things):
> > >
> > > ...
> > > Port link-type: trunk
> > > Tagged VLAN ID : 8, 1624
> > > Untagged VLAN ID : 10
> > > ...
> > >
> > > Here is my suspicion:
> > > Your ports have an access link-type with an untagged VLAN ID of 48. That
> > > would explain why the moment you configure an IP from that VLAN on eth0
> > > you get connectivity because then the packets the Linux box sends are
> > > untagged as the switch would expect them to be. If you only put an
> > > address on eth0.48 then the packets get tagged by Linux but if the
> > > switch port is not configured to receive the packets for VLAN 48 as
> > > tagged then it will simply drop these packets and you will not get
> > > connectivity.
> >
> > Additionally, the switch should gripe about 802.1q BPDUs.
> > Check the in-memory system log (or syslog server if you have configured
> > that).
> >
> > show logging | i 1Q
> >
> > Example:
> > 1w1d: %SPANTREE-2-RECV_1Q_NON_TRUNK:
> > Received 802.1Q BPDU on non trunk FastEthernet0/2 on vlan 100.
> >
> > > So getting the actual VLAN config of the switch port would help to
> > > determine if the switch actually expects to receive the packets the way
> > > you send them from the Linux box.
> >
> > +1
> > Let's see the config for the switch port your server is connected to.
> >
> > --
> > ---~~.~~---
> > Mike
> > // SilverTip257 //
> > _______________________________________________
> > CentOS mailing list
> > CentOS at centos.org
> > http://lists.centos.org/mailman/listinfo/centos
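
As an added illustration (not part of the original thread and not code from any poster): a simplified Python model of the 4-byte 802.1Q tag Andrew describes and of the drop behaviour Dennis suspects. The `switch_ingress` rule and the `TRUNK_48` port definition are assumptions made for this example; real switches differ by vendor and configuration.

```python
import struct

TPID_8021Q = 0x8100  # EtherType value that announces an 802.1Q tag

def build_frame(dst, src, ethertype, payload, vid=None):
    """Ethernet frame; with vid set, the 4-byte tag follows the source MAC."""
    if vid is not None and not 1 <= vid <= 4094:
        raise ValueError("VLAN ID must be 1..4094")
    tag = b"" if vid is None else struct.pack("!HH", TPID_8021Q, vid)  # PCP=0, DEI=0
    return dst + src + tag + struct.pack("!H", ethertype) + payload

def parse_vlan(frame):
    """Return (vid or None, frame with any tag stripped)."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    if struct.unpack("!H", frame[12:14])[0] != TPID_8021Q:
        return None, frame
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    tci = struct.unpack("!H", frame[14:16])[0]
    return tci & 0x0FFF, frame[:12] + frame[16:]

def switch_ingress(port, frame):
    """Assumed, simplified rule: VLAN the frame lands in, or None if dropped."""
    vid, _ = parse_vlan(frame)
    if vid is None:
        return port["untagged"]      # untagged frames join the port's untagged VLAN
    if port["link_type"] == "trunk" and vid in port["tagged"]:
        return vid                   # tag kept, VLAN taken from the tag
    return None                      # tagged frame the port is not set up to receive

HOST = bytes.fromhex("002564400301")  # MAC shown for 192.168.48.100 in the thread
BCAST, ARP, BODY = b"\xff" * 6, 0x0806, bytes(46)  # constructed sample payload
ACCESS_48 = {"link_type": "access", "untagged": 48, "tagged": set()}        # Dennis's suspicion
TRUNK_SAMPLE = {"link_type": "trunk", "untagged": 10, "tagged": {8, 1624}}  # Dennis's example port
TRUNK_48 = {"link_type": "trunk", "untagged": 1, "tagged": {48, 49, 50}}    # assumed trunk config

def demo():
    eth0 = build_frame(BCAST, HOST, ARP, BODY)             # sent from plain eth0
    eth0_48 = build_frame(BCAST, HOST, ARP, BODY, vid=48)  # sent from eth0.48
    return {
        "tag_bytes": len(eth0_48) - len(eth0),
        "access_untagged": switch_ingress(ACCESS_48, eth0),
        "access_tagged_48": switch_ingress(ACCESS_48, eth0_48),
        "sample_trunk_tagged_48": switch_ingress(TRUNK_SAMPLE, eth0_48),
        "trunk_tagged_48": switch_ingress(TRUNK_48, eth0_48),
    }

if __name__ == "__main__":
    print(demo())
```
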

On Sun, Jan 25, 2015 at 8:38 AM, Andrew Holway <andrew.holway at gmail.com> wrote:

> On 25 January 2015 at 15:12, Boris Epstein <borepstein at gmail.com> wrote:
>
>> OK... but why does it need to be a trunk port?
>
> Because a trunk port will "trunk" the vlan.
>
> A VLAN is basically a 4 byte "tag" that gets injected into the packet
> header when the packet enters the VLAN network. When we trunk a VLAN we say
> to the switch "pass packets on VLAN x but do not strip the tag out".
>
> You can either terminate the VLAN at the switch port (untagged) which will
> strip out the VLAN tag or you can pass the packet containing the VLAN tag
> to the computer or other device(tagged/trunk). This device can then pull
> out the tag. On linux this mechanism is done by an 8021q VLAN interface.
>
> Hope this is useful.

Just to add to that - normally if a host only needs to be on one subnet you would use an access port on the switch to select a single vlan and deliver those packets untagged so the host does not need to care about tags or vlan numbers. And to that end, switches default to treating everything as access ports on native/untagged vlan 0 unless configured otherwise. However, if the host needs interfaces on multiple subnets, you can do it on a single network connection by giving it a trunk connection from the switch and letting it split out the vlan interfaces internally.

--
Les Mikesell
lesmikesell at gmail.com

Thank you everyone.

OK, the mystery deepens, I guess. The machine does need to support several VLANs, it is currently on a trunk port (8021q encapsulated), it made it into the ARP table - which I specifically tested for by physically unplugging the table, clearing the ARP table and plugging it back in.

The ARP table currently looks like this:

hq#show arp
Protocol  Address          Age (min)  Hardware Addr   Type   Interface
Internet  192.168.48.100          0   0025.6440.0301  ARPA   Vlan48
Internet  192.168.48.101          -   001b.906a.bcc4  ARPA   Vlan48
Internet  192.168.48.1            0   0025.6440.063f  ARPA   Vlan48
Internet  192.168.2.52            0   0025.6440.0547  ARPA   Vlan2
Internet  192.168.3.1             -   001b.906a.bcc2  ARPA   Vlan3
Internet  192.168.2.1             -   001b.906a.bcc1  ARPA   Vlan2
Internet  192.168.7.1             -   001b.906a.bcc3  ARPA   Vlan7
hq#

The network config on the machine currently looks like this: it has nothing assigned to eth0, eth0.48 = 192.168.48.100/24, eth0.49 = 192.168.49.100/24, eth0.50 = 192.168.50.100/24.

And - even though the ARP table seems to be OK - there is no connectivity!

Boris.

On Sun, Jan 25, 2015 at 11:42 AM, Les Mikesell <lesmikesell at gmail.com> wrote:

> On Sun, Jan 25, 2015 at 8:38 AM, Andrew Holway <andrew.holway at gmail.com> wrote:
> > On 25 January 2015 at 15:12, Boris Epstein <borepstein at gmail.com> wrote:
> >
> >> OK... but why does it need to be a trunk port?
> >
> > Because a trunk port will "trunk" the vlan.
> >
> > A VLAN is basically a 4 byte "tag" that gets injected into the packet
> > header when the packet enters the VLAN network. When we trunk a VLAN we say
> > to the switch "pass packets on VLAN x but do not strip the tag out".
> >
> > You can either terminate the VLAN at the switch port (untagged) which will
> > strip out the VLAN tag or you can pass the packet containing the VLAN tag
> > to the computer or other device(tagged/trunk). This device can then pull
> > out the tag. On linux this mechanism is done by an 8021q VLAN interface.
> >
> > Hope this is useful.
>
> Just to add to that - normally if a host only needs to be on one
> subnet you would use an access port on the switch to select a single
> vlan and deliver those packets untagged so the host does not need to
> care about tags or vlan numbers. And to that end, switches default
> to treating everything as access ports on native/untagged vlan 0
> unless configured otherwise. However, if the host needs interfaces
> on multiple subnets, you can do it on a single network connection by
> giving it a trunk connection from the switch and letting it split out
> the vlan interfaces internally.
>
> --
> Les Mikesell
> lesmikesell at gmail.com